The SpyEye hacking toolkit has added an Android component that collects the text messages some banks use as an extra security precaution, a researcher said today.

“The standard SpyEye now also entices a user to download an Android app, which is actually a component that’s Android-specific malware,” said Amit Klein, the chief technology officer of Boston-based Trusteer, a security firm that specializes in online anti-cybercrime defenses.

The Android app poses as a security program — ironically, one that’s supposed to protect a user’s text messages from being intercepted — required to use a bank’s online services from a mobile device.

Many banks now send customers a one-time code, usually a series of numbers, to their mobile phone. To access the account, a user must enter not only the traditional username and password, but also the just-received passcode. It’s that passcode that the bogus Android app intercepts and then re-transmits to a hacker-managed command-and-control (C&C) server, said Klein.

Share this:

Like this:

LikeLoading...

Related

About John Bertoli

I enjoy to read and write. I am an aspiring author and am interested in marketing, SEO strategies, finance, trading, and entrepreneurship.
I started working at Bat Blue Corporation part-time during my senior year at Stevens Institute of Technology and continued after graduation, realizing how experienced and dedicated the Bat Blue technologists were.
I serve as the Marketing Associate, in charge of writing press releases and case studies, as well as developing content for our website http://www.batblue.com. I organize exhibition events throughout the year, providing market exposure for the company and produce a daily network security newsletter sent to over 5,000 subscribers, known as The Daily Security Briefing.
By utilizing Bat Blue's past achievements and current accomplishments, I strive to leverage these successes to create brand recognition and develop future opportunities for the company.